ExelaStealer Malware

Introduction: 

Because cybersecurity threats change constantly, organisations must keep up with the latest malware developments and strengthen their defenses. This paper examines ExelaStealer, a recently discovered information-stealing trojan. It describes the characteristics of ExelaStealer and the attack vectors associated with it, and offers mitigation strategies to reduce its impact.

Malware overview:

ExelaStealer is malware that targets Windows systems. It is built to steal sensitive data from its victims, including passwords, credit card information, and browser cookies. Both the open-source and the commercial versions of ExelaStealer are reasonably priced, and that accessibility is what makes it a serious risk: a broad spectrum of attackers can afford to employ it.

Indicators of Compromise (IOCs):

The following IOCs have been associated with ExelaStealer malware, and they should be monitored within the network:

File-based IOCs:

sirketruhsatpdf.exe SHA256: f96bc306a0e3bc63092a04475dd4a1bac75224df242fa9fca36388a1978ce048

sirketruhsatpdf.exe SHA256: 95d860570b2777d7af213f9b48747d528251facada54842d7a07a5798fcbfe51

BNG 824 ruhsat.pdf SHA256: 5aff2c5e65d8e4e7fa0b0c310fbaef1e1da351de34fa5f1b83bfe17eeabac7ef

RuntimeBroker.exe SHA256: 34dca3c80cd5125091e6e4de02e86dcc6a2a6f9900e058111e457c9bce6117c0

RuntimeBroker.exe SHA256: c56b23602949597352d99aff03411d620b7a5996da2cab91368de275dcfbaa44

Network-based IOC:

Discord webhook address: hXXps://discord[.]com/api/webhooks/1139506512302194789/X_VYZdAHscWQNKWvya9KWqqqTK6UjVvS86_kUy8P8OyCcPhKykCQpEqf93S_qDFVuzp8

These IOCs can be valuable in threat detection and mitigation efforts.
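The following script is an added example, not part of the original bulletin, showing one way a SOC could operationalise the IOCs above: it matches file SHA256 digests against the listed samples and scans proxy log lines for Discord webhook URLs, flagging the specific webhook ID from the bulletin while still surfacing any other webhook, since the exfiltration channel is interchangeable. The log format and the sample lines are constructed for the example.

```python
import hashlib
import re

# SHA256 values of the ExelaStealer samples listed in the bulletin above.
EXELA_SHA256 = {
    "f96bc306a0e3bc63092a04475dd4a1bac75224df242fa9fca36388a1978ce048",
    "95d860570b2777d7af213f9b48747d528251facada54842d7a07a5798fcbfe51",
    "5aff2c5e65d8e4e7fa0b0c310fbaef1e1da351de34fa5f1b83bfe17eeabac7ef",
    "34dca3c80cd5125091e6e4de02e86dcc6a2a6f9900e058111e457c9bce6117c0",
    "c56b23602949597352d99aff03411d620b7a5996da2cab91368de275dcfbaa44",
}

# Webhook ID from the bulletin's network IOC. The regex matches any Discord
# webhook URL (current and legacy host) so that a swapped webhook still alerts;
# the ID is then compared separately to tell a known IOC from a new one.
EXELA_WEBHOOK_ID = "1139506512302194789"
WEBHOOK_RE = re.compile(r"discord(?:app)?\.com/api/webhooks/(\d+)", re.IGNORECASE)


def sha256_bytes(data):
    """Hex SHA256 of an in-memory file body (read a real file in binary mode)."""
    return hashlib.sha256(data).hexdigest()


def is_known_hash(hexdigest):
    """True when the digest (any case) matches a listed ExelaStealer sample."""
    return hexdigest.strip().lower() in EXELA_SHA256


def scan_log(lines):
    """Return (line_no, webhook_id, matches_bulletin_ioc) for each webhook URL."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = WEBHOOK_RE.search(line)
        if m:
            hits.append((n, m.group(1), m.group(1) == EXELA_WEBHOOK_ID))
    return hits


# Constructed proxy log lines (not real traffic); tokens are redacted placeholders.
SAMPLE_LOG = [
    "2023-10-20T10:01:02Z host1 GET https://www.example.com/ 200",
    "2023-10-20T10:01:05Z host1 POST https://discord.com/api/webhooks/1139506512302194789/REDACTED_TOKEN 204",
    "2023-10-20T10:02:11Z host2 GET https://discord.com/ 200",
    "2023-10-20T10:03:40Z host2 POST https://discordapp.com/api/webhooks/42/REDACTED_TOKEN 204",
]

if __name__ == "__main__":
    for n, wid, known in scan_log(SAMPLE_LOG):
        print(f"line {n}: webhook {wid} {'KNOWN IOC' if known else 'review'}")
```

Line 4 in the sample is flagged for review even though it is not the bulletin's webhook, which is the intended behaviour: an endpoint posting to any Discord webhook deserves a look.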

Conclusion:

By staying informed about the evolving threat landscape and emerging attack vectors, refining SIEM rules, and implementing preventive measures, organizations can improve their defenses against emerging threats like ExelaStealer and prevent such attacks from happening in the future.


This threat bulletin was researched and created by Arunagiri S, a SOC analyst from Positka
